Getting "permission denied" with PROFTPD SFTP in Centos

I want to configure an SFTP server on CentOS 6. But when I use "put" with the FileZilla client, I get this message:

open for write: permission denied

In my SFTP logs I have this when I use 'put':

unsupported '' channel requested, ignoring
'subsystem' channel request for 'sftp' subsystem
error checking 'namefile' for REALPATH : Aucun fichier ou dossier de ce type
error opening 'filename'; Permission non accordée

I do not understand because on Debian it works very well...

Install ProFTPD:

sudo rpm -Uvh
sudo yum install proftpd

For my tests, I blocked the firewall :

service iptables stop

I commented out the "Subsystem" line in the ssh configuration file "sshd_config":

# Subsystem sftp ....

I added these lines to the proftpd configuration file "proftpd.conf":

nano /etc/proftpd.conf

LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c

<IfModule mod_sftp.c>
# Listen on port 2222
Port                2222
# Enable SFTP mode
SFTPEngine          on

# Location of the encryption keys
SFTPHostKey         /etc/ssh/ssh_host_rsa_key2
SFTPHostKey         /etc/ssh/ssh_host_dsa_key2

# For now, use password authentication
# We will switch to key authentication later
SFTPAuthMethods     password

# The user is locked into the directory assigned to them at creation
DefaultRoot         ~

# Add the log files for sftp
SFTPLog             /etc/sftp/log/sftp.log
TransferLog         /etc/sftp/log/sftp-transfer.log
</IfModule>

I added a new user and a new group:

groupadd upload
adduser --home /etc/sftp/home nom_utilisateur
# Associate the new user with one of the groups (upload or download)
usermod -g nom_groupe nom_utilisateur

I can connect to SFTP (the log file fills up) but I cannot use "put". When I create a file "test" on the server, in FileZilla the file is renamed 'avril 28 12:45 test'.

The permissions of /home are 777.

This is the proftpd.conf:

# This is the ProFTPD configuration file
ServerName          "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
DefaultServer           on

VRootEngine         on
VRootAlias          /etc/security/pam_env.conf etc/security/pam_env.conf
# Use pam to authenticate (default) and be authoritative
AuthPAMConfig           proftpd
AuthOrder           mod_auth_pam.c* mod_auth_unix.c
# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
PersistentPasswd        off
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS           off
# Set the user and group that the server runs as
User               nobody
Group              nobody
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile         on
# Define the log formats
LogFormat           default "%h %l %u %t \"%r\" %s %b"
LogFormat           auth    "%v [%P] %h %t \"%r\" %s"
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
# Dynamic ban lists (
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
LoadModule            mod_ban.c
BanEngine         on
BanLog            /var/log/proftpd/ban.log
BanTable          /var/run/proftpd/
BanOnEvent            MaxLoginAttempts 2/00:10:00 01:00:00
BanControlsACLs       all allow user ftpadm
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask             022
# Allow users to overwrite files and change permissions
AllowOverwrite        on



By default SELinux protects your server and disallows access to directories.

You can allow access by creating rules using chcon.

Example for a web site:

  • Test the SELinux rights: ls -dZ /home/myusergrp/myuser/ftp
  • Allow access rights: chcon -R -t httpd_sys_content_t /home/myusergrp/myuser/ftp

Don't remove SELinux; prefer to go to /etc/selinux/config and configure SELINUX=permissive instead of SELINUX=enforcing (and reboot the server). It shows you all the access problems, which you can solve, and you can re-enable the enforcing mode after you solve them.

To know more :

I hope this helps, Mike
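
The answer above suggests running in permissive mode and reading the logged access problems. As an added example (not part of either answer), this shell function summarises the AVC denial lines of an audit log for one process, so the source and target SELinux types behind a "permission denied" are visible at a glance. The function names, the sample log lines and the ftpd_t/etc_t types in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process name.
# Real use (path assumes auditd defaults):
#   summarize_avc proftpd < /var/log/audit/audit.log
# Output: <count> <source_type> <perms> <tclass> <target_type> <name>
summarize_avc() {
    awk -v want="${1:-proftpd}" '
    function field(key,   i, v) {           # value of key=... on this line
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    function setype(ctx,   p) {             # user:role:type:level -> type
        split(ctx, p, ":")
        return p[3]
    }
    /type=AVC/ && /denied/ {
        if (field("comm") != want) next
        a = index($0, "{"); b = index($0, "}")
        perms = substr($0, a + 2, b - a - 3)   # text between "{ " and " }"
        gsub(/ /, ",", perms)
        src = setype(field("scontext")); tgt = setype(field("tcontext"))
        key = src " " perms " " field("tclass") " " tgt " " field("name")
        if (!(key in seen)) order[++n] = key
        seen[key]++
    }
    END { for (i = 1; i <= n; i++) print seen[order[i]], order[i] }
    '
}

# Constructed sample lines (not from the page); pids, inodes and types are made up.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1398681900.123:456): avc:  denied  { write } for  pid=2345 comm="proftpd" name="home" dev=dm-0 ino=131075 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1398681900.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="proftpd" exe="/usr/sbin/proftpd"
type=AVC msg=audit(1398681960.001:460): avc:  denied  { write } for  pid=2345 comm="proftpd" name="home" dev=dm-0 ino=131075 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1398681961.500:461): avc:  denied  { read } for  pid=999 comm="httpd" name="index.html" dev=dm-0 ino=77 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1398681962.700:462): avc:  denied  { write open } for  pid=2345 comm="proftpd" name="test.txt" dev=dm-0 ino=131090 scontext=unconfined_u:system_r:ftpd_t:s0 tcontext=unconfined_u:object_r:etc_t:s0 tclass=file
EOF
}

sample_audit_log | summarize_avc proftpd
```

The target type in each summary line is the label on the directory or file being refused, which is what ls -dZ shows and what chcon changes.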


Solution found! The security service of CentOS restricts access to some directories. So just disable it.

nano  /etc/selinux/config
#reboot system

